Compromised adnetwork.treez.my caused TV3 (Malaysia) users infected by malware

Sistem Televisyen Malaysia Berhad (STMB) or TV3 was incorporated in 1983 and was officially launched it started began broadcasting on 1 June 1984 as Malaysia’s first commercial television station for launched terrestrial based in Kuala Lumpur (a national capital of Malaysia). It is part of Media Prima group of companies. It now transmits opened broadcasting business private 24-hours a day, 7 days a week since 1 January 2010. (wiki)

According to Alexa, www.tv3.com.my gain high ranking especially at Malaysia with rank 229 and world rank is 45,854 . The website is especially popular amongst from home users and estimated lots of users's computer without latest patch will be infected by this malware.

TV3's external link (adnetwork.treez.my) has been compromised and injected with malicious URL.

Redirection chain:

hxxxp://www.tv3.com.my/

->hxxxp://adnetwork.treez.my/www/delivery/spcjs.php?id=9&target=_blank=_blank

-->hxxxp://adnetwork.treez.my/www/delivery/spcjs.php?id=9&target=_blank=_blank

--->hxxxp://adnetwork.treez.my/www/delivery/spc.php?zones=51%7C73%7C72%7C67%7C68%7C69%7C70%7C71%7C52%............................

---->hxxxp://2j1rpzr.co.cc/tds/in.cgi?default

----->hxxxp://6he6420.co.cc/x22

------>hxxxp://6he6420.co.cc/x22/load.php?spl=java_ws

------>hxxxp://6he6420.co.cc/x22/helpctrall.asx.php

------>hxxxp://6he6420.co.cc/x22/load.php?spl=mdac_3&h=

------>hxxxp://6he6420.co.cc/x22/pdf.php?

---->hxxxp://2j1rpzr.co.cc/tds/in.cgi?default

----->hxxxp://parametrg.in:8080/axb/

------>hxxxp://parametrg.in:8080/axb/8c10e5fc7d85aa037840ada903d3fa63.php

------>hxxxp://parametrg.in:8080/axb/?showtopic=2&view=MSIE&showuser=30449499&showforum=%2F&s=6.0

adnetwork.treez.my image:

After analyzing the content, noticed that it target few different type of vulnerability, which download an executable file called "a22273b.exe.

-MDAC

-Java

-Microsoft Help and Support Center (CVE-2010-1885)

-PDF

Payload of injected sites:

malware:

Without suprise, malware was submitted to Virustotal gain very low detection (4/42) or 9.5%. Please do scan again your whole computer with latest virus definition.

Malware ("a22273b.exe")

MD5 : 07c077fa5b2c3b981f8a9d8c87f1ff2b

SHA1 : 0d365a13a176355b7fe0ebfcc077670c136f6ad0

SHA256: bd24a6df5408cf0a7cf45a3813c604a187fd69de00ce7f5f4036dd53c6ec2a17

Browsershots showed that Firefox browser able to block from users when visiting to this website, but not for IE8.

IE 8 Browser

Malicious link and others:

178.18.243.4

2j1rpzr.co.cc

64.74.179.120

flying-city-2011.com

iuhweigiwe.com

parametrg.in

qefoma.com

traff-2012.com

tyklip.com

wotremb.com

yahoo-services.net

Canadian Pharmaceutic Spam - 23-Aug

203.113.112.249

*.discountrx-pills.com

*.healthcanadadrugexchange.net

*.heidromcem.com

*.ionpharmacyonline.eu

*.leardutty.com

*.ljovquhfimt.com

*.lower-pricemeds.com

*.medsusatabletsdirect.net

*.mssmartstart.eu

*.mymhacsis.com

*.mypzyjhu.com

*.nedihjiele.com

*.nuksecheh.com

*.oboluyrbap.com

*.optimalhealthwellness.com

*.otborepoy.com

*.pillpharmacymedicationsworld.net

*.puxurbexe.com

*.qursuxjott.com

*.rutvoreumi.com

*.rxcapsuleshealth.com

*.rxdrugsmexico.eu

*.tabletpcsite.net

*.tabletspillswellnessworld.eu

*.thibcalni.com

*.ubkyhqutato.net

*.uesiakbemu.com

*.unguhisqusa.net

*.uvcivcurm.com

*.xoqwudve.net

*.xufcalbyp.net

*.yafowsoh.com

*.yancadsidlu.com

*.yankuxawa.com

*.yoquzybuilf.net

*.yourtoretablets.net

*.zoglaysaty.net

admin.greattabletsdrug.com

admin.heidromcem.com

admin.ifapfyndep.com

admin.ionpharmacyonline.eu

admin.leardutty.com

admin.lower-pricemeds.com

admin.medsusatabletsdirect.net

admin.mssmartstart.eu

admin.mypzyjhu.com

admin.nedihjiele.com

admin.nuksecheh.com

admin.oboluyrbap.com

admin.optimalhealthwellness.com

admin.otborepoy.com

admin.pharmacy-offering.com

admin.pharmacydrugmart.com

admin.pillpharmacymedicationsworld.net

admin.pillscheapstore.net

admin.pittiwcorut.com

admin.puxurbexe.com

admin.qursuxjott.com

admin.qwekbonve.com

admin.qwevgiht.com

admin.rutvoreumi.com

admin.tabletspillswellnessworld.eu

admin.thibcalni.com

admin.uesiakbemu.com

admin.unguhisqusa.net

admin.uvcivcurm.com

admin.woxmugguvs.com

admin.xergaurw.com

admin.xoqwudve.net

admin.xufcalbyp.net

admin.yafowsoh.com

admin.yoquzybuilf.net

admin.yourchoicepharmacy.eu

admin.yourtoretablets.net

admin.zoglaysaty.net

chykvunt.com

cogtorlab.com

healthcanadadrugexchange.net

juzgiejzem.com

kluagmakynh.com

leardutty.com

ljovquhfimt.com

mail.ionpharmacyonline.eu

mail.leardutty.com

mail.lower-pricemeds.com

mail.medsusatabletsdirect.net

mail.mypzyjhu.com

mail.nuksecheh.com

mail.nyjuobcy.net

mail.oboluyrbap.com

mail.optimalhealthwellness.com

mail.otborepoy.com

mail.pillpharmacymedicationsworld.net

mail.pillsandmeds.com

mail.pillscheapstore.net

mail.puxurbexe.com

mail.qursuxjott.com

mail.rutvoreumi.com

mail.rxdrugsmexico.eu

mail.tabletspillswellnessworld.eu

mail.thibcalni.com

mail.uvcivcurm.com

mail.woizryarh.com

mail.xoqwudve.com

mail.xoqwudve.net

mail.xufcalbyp.net

mail.yafowsoh.com

mail.yancadsidlu.com

mail.yankuxawa.com

mail.yoquzybuilf.net

mail.yourchoicepharmacy.eu

mail.yourtoretablets.net

mail.zeabatag.com

mail.zoglaysaty.net

medsdiscountrx.com

medspharmacyhealthdirect.net

medsprescriptionmart.net

molhyuhbure.com

mymhacsis.com

mypzyjhu.com

ns1.ifapfyndep.com

ns1.ionpharmacyonline.eu

ns1.isdurzoepy.com

ns1.leardutty.com

ns1.lower-pricemeds.com

ns1.mrogdiwgym.com

ns1.mypzyjhu.com

ns1.nuksecheh.com

ns1.nyjuobcy.net

ns1.oboluyrbap.com

ns1.otborepoy.com

ns1.puxurbexe.com

ns1.qursuxjott.com

ns1.rutvoreumi.com

ns1.rxdrugsmexico.eu

ns1.tabletpcsite.net

ns1.tabletspillswellnessworld.eu

ns1.ubkyhqutato.net

ns1.unguhisqusa.net

ns1.uvcivcurm.com

ns1.woizryarh.com

ns1.xoqwudve.com

ns1.xoqwudve.net

ns1.xufcalbyp.net

ns1.yafowsoh.com

ns1.yankuxawa.com

ns1.yoquzybuilf.net

ns1.yourchoicepharmacy.eu

ns1.zoglaysaty.net

ns2.hriebnez.com

ns2.ifapfyndep.com

ns2.ionpharmacyonline.eu

ns2.leardutty.com

ns2.lower-pricemeds.com

ns2.mssmartstart.eu

ns2.mymhacsis.com

ns2.mypzyjhu.com

ns2.nuksecheh.com

ns2.nyjuobcy.net

ns2.oboluyrbap.com

ns2.otborepoy.com

ns2.puxurbexe.com

ns2.rutvoreumi.com

ns2.rxdrugsmexico.eu

ns2.tabletspillswellnessworld.eu

ns2.thibcalni.com

ns2.ubkyhqutato.net

ns2.unguhisqusa.net

ns2.uvcivcurm.com

ns2.woizryarh.com

ns2.woxmugguvs.com

ns2.xialbews.com

ns2.xoqwudve.net

ns2.xufcalbyp.net

ns2.yafowsoh.com

ns2.yankuxawa.com

ns2.yoquzybuilf.net

ns2.yourchoicepharmacy.eu

ns2.zoglaysaty.net

nuksecheh.com

nyjuobcy.net

oboluyrbap.com

okeragulz.com

otborepoy.com

peremirek.com

pharmacy-offering.com

pharmacydrugmart.com

pillpharmacymedicationsworld.net

pittiwcorut.com

promotionrxpills.com

puxurbexe.com

qwevgiht.com

qwuafage.com

rutvoreumi.com

rxcapsuleshealth.com

rxpharmacy-usa.com

rxtabletsmeds.net

tabletownhealthdirect.com

tabletpcsite.net

tabletrxmedical.com

tabletspillswellnessworld.eu

thibcalni.com

thyucylbyb.com

ubkyhqutato.net

uccyzanno.com

uesiakbemu.com

uvcivcurm.com

vantufire.com

wawreulzij.com

www.raiqudloxny.com

www.verbeytso.com

xirozaqe.com

xoqwudve.com

xoqwudve.net

xufcalbyp.net

yafowsoh.com

yancadsidlu.com

yankuxawa.com

yourtoretablets.net

yutwejhan.com

zoglaysaty.net

210.94.177.97

*.dwegjowysy.net

*.ollajmiql.com

*.uccyzanno.com

*.vantufire.com

*.vdubygeyw.com

admin.dwegjowysy.net

admin.vdubygeyw.com

dwegjowysy.net

mail.dwegjowysy.net

mail.ollajmiql.com

ns1.ollajmiql.com

ns1.vdubygeyw.com

ns2.dwegjowysy.net

ns2.ollajmiql.com

ns2.vdubygeyw.com

ollajmiql.com

pharmacyjobstablets.net

uccyzanno.com

vantufire.com

vdubygeyw.com

218.248.66.190

*.canadianpharmacytablets.net

*.chykvunt.com

*.cnirgadr.com

*.cnirgadr.net

*.cogtorlab.com

*.elwylpidy.com

*.fastdelivery-rx.com

*.fryjayxqui.com

*.greatmedsdrug.net

*.igatgyxoigg.com

*.illshealthworld.com

*.jitkidewpej.com

*.kifbumeqwol.com

*.lozaxigbajl.com

*.mareinfapyp.com

*.ofygzerzy.com

*.ojpenzefa.com

*.ollajmiql.com

*.peremirek.com

*.pillmedicineshop.net

*.pillsourcehealth.com

*.pillspharmacytablets.com

*.pillsrxdrugstoreguide.net

*.pillstoreprescription.net

*.plejcefiev.com

*.plycuvqe.com

*.qulihnausl.com

*.quzfuhtyx.com

*.shoparoundpills.net

*.sloqubmel.com

*.tabletscheaprxmeds.net

*.tabletsrxmedssite.net

*.takemedsnow.net

*.thetablethealthrx.com

*.uccyzanno.com

*.ucqubuvlygl.com

*.ugsyjyzh.com

*.vantufire.com

*.vdubygeyw.com

*.vtekfobne.com

*.wacnyhfya.com

*.wedmartstore.net

*.wusdyftis.com

*.xajquwpoido.com

*.xichaury.com

*.xumabvimpy.com

*.yabmejhus.com

*.yoctikna.com

*.yuwqukzyt.com

*.zluvbugy.com

admin.canadianpharmacytablets.net

admin.chykvunt.com

admin.cogtorlab.com

admin.elwylpidy.com

admin.fastdelivery-rx.com

admin.fryjayxqui.com

admin.greatmedsdrug.net

admin.greatmedsless.com

admin.greatnorthernmeds.com

admin.hywzuzapus.com

admin.igatgyxoigg.com

admin.lozaxigbajl.com

admin.nyqwahdyns.net

admin.ostetsivno.com

admin.peremirek.com

admin.pillmedicineshop.net

admin.pillsourcehealth.com

admin.rxchangeguide.com

admin.rxdiscountdrugs.com

admin.shoparoundpills.net

admin.tabletscheaprxmeds.net

admin.takemedsnow.net

admin.twyfzagyst.com

admin.vdubygeyw.com

admin.vtekfobne.com

admin.wedmartstore.net

admin.xichaury.com

admin.yoctikna.com

admin.zluzgymwo.net

canadianpharmacytablets.net

chykvunt.com

cnirgadr.com

cnirgadr.net

cogtorlab.com

dwoxofgos.com

elwylpidy.com

greatmedsdrug.net

greatmedsless.com

greatpilltabletsprescription.net

healthcanadadrugexchange.net

illshealthworld.com

internetpharmacypills.net

lozaxigbajl.com

mail.canadianpharmacytablets.net

mail.chykvunt.com

mail.cogtorlab.com

mail.cyqudasi.com

mail.fastdelivery-rx.com

mail.fryjayxqui.com

mail.greatmedsdrug.net

mail.greatnorthernmeds.com

mail.lozaxigbajl.com

mail.nyqwahdyns.com

mail.nyqwahdyns.net

mail.ojpenzefa.com

mail.ostetsivno.com

mail.peremirek.com

mail.pillmedicineshop.net

mail.pillsourcehealth.com

mail.pillsrxdrugstoreguide.net

mail.plycuvqe.com

mail.pulgofyr.com

mail.ragzelpup.com

mail.rodnyhlaz.com

mail.rozkoxraxy.com

mail.shoparoundpills.net

mail.tabletscheaprxmeds.net

mail.takemedsnow.net

mail.tluosquxu.net

mail.twyfzagyst.com

mail.wacnyhfya.com

mail.wedmartstore.net

mail.xichaury.com

mail.yabmejhus.com

mail.yoctikna.com

mail.yuwqukzyt.com

mail.zluvbugy.com

mail.zluzgymwo.net

ns1.chykvunt.com

ns1.cogtorlab.com

ns1.doepsuehoxy.com

ns1.dwegjowysy.net

ns1.ebcaskihus.com

ns1.elwylpidy.com

ns1.fastdelivery-rx.com

ns1.fryjayxqui.com

ns1.lozaxigbajl.com

ns1.nyqwahdyns.com

ns1.nyqwahdyns.net

ns1.ojsammuats.com

ns1.peremirek.com

ns1.qwopvuavcen.com

ns1.vdubygeyw.com

ns1.wacnyhfya.com

ns1.xyckyhco.com

ns1.yabmejhus.com

ns1.yoctikna.com

ns1.yuwqukzyt.com

ns1.zluvbugy.com

ns2.chykvunt.com

ns2.cogtorlab.com

ns2.dwegjowysy.net

ns2.lozaxigbajl.com

ns2.nyqwahdyns.com

ns2.nyqwahdyns.net

ns2.peremirek.com

ns2.planetdrug-direct.com

ns2.plycuvqe.com

ns2.qwopvuavcen.com

ns2.rodnyhlaz.com

ns2.rxcapsuleshealth.com

ns2.vtekfobne.com

ns2.xoqwudve.com

ns2.xyckyhco.com

ns2.yoctikna.com

ns2.zluvbugy.com

ns2.zluzgymwo.net

ofygzerzy.com

peremirek.com

pharmacyjobstablets.net

pillmedicineshop.net

pillsourcehealth.com

pillspharmacytablets.com

pillsrxdrugstoreguide.net

planetdrug-direct.com

qwinzinke.com

rinus20481.sloqubmel.com

ruu2agjehq3.wedmartstore.net

rxdiscountdrugs.com

shoparoundpills.net

storemedssite.com

tabletownhealthdirect.com

tabletrxmedical.com

tabletscheaprxmeds.net

tabletsrxmedssite.net

takemedsnow.net

thetablethealthrx.com

uccyzanno.com

ugsyjyzh.com

vantufire.com

vupreuhl.net

wedmartstore.net

xoqwudve.com

xoqwudve.net

xyckyhco.com

yahoznavl.com

yoctikna.com

yuwqukzyt.com

61.138.248.68

*.aquteriox.com

*.bduvdinfygn.com

*.bubire.ru

*.canadianpharmacytablets.net

*.cheap-genericss.com

*.cnirgadr.net

*.dwegjowysy.net

*.dwoxofgos.com

*.greatmedsdrug.net

*.greatpillsmedicine.net

*.illshealthworld.com

*.megnyhmitji.com

*.milgocbeb.com

*.onlinepillzz.com

*.pharmacymentalhealth.com

*.pillmedicineshop.net

*.pillsrxdrugstoreguide.net

*.pillstabletsrxpharmacy.net

*.sjavgaxize.com

*.sumzusna.com

*.tabletsrxmedssite.net

*.thetabletdrugstore.net

*.topapothecary.eu

*.uccyzanno.com

*.vantufire.com

*.vtekfobne.com

*.vupreuhl.net

*.xikiquxixu.com

*.yourpillprice.com

*.zekwekzypdi.com

*.zluvbugy.com

admin.canadianpharmacytablets.net

admin.cheap-genericss.com

admin.cnirgadr.net

admin.dwoxofgos.com

admin.elwylpidy.com

admin.farntiklers.com

admin.greatmedsdrug.net

admin.greatmedsless.com

admin.milgocbeb.com

admin.ojpenzefa.com

admin.ollajmiql.com

admin.onlinepillzz.com

admin.pillmedicineshop.net

admin.pillshottablets.com

admin.pillshottabletsworld.com

admin.pillstabletsrxpharmacy.net

admin.rxchangesite.net

admin.topapothecary.eu

admin.ucqubuvlygl.com

admin.vtekfobne.com

admin.vupreuhl.net

admin.wacnyhfya.com

admin.xichaury.com

admin.yourpillprice.com

aquteriox.com

bduvdinfygn.com

bubire.ru

canadianpharmacytablets.net

cheap-genericss.com

cnirgadr.com

cnirgadr.net

dwoxofgos.com

ebcaskihus.com

elwylpidy.com

greatpillsmedicine.net

healthcanadadrugexchange.net

illshealthworld.com

lowerprice-meds.com

mail.canadianpharmacytablets.net

mail.cheap-genericss.com

mail.dwegjowysy.net

mail.dwoxofgos.com

mail.ebcaskihus.com

mail.elwylpidy.com

mail.greatmedsdrug.net

mail.milgocbeb.com

mail.onlinepillzz.com

mail.pillmedicineshop.net

mail.pillsrxdrugstoreguide.net

mail.pillstabletsrxpharmacy.net

mail.rxchangesite.net

mail.shelamoik.com

mail.topapothecary.eu

mail.vdubygeyw.com

mail.vtekfobne.com

mail.wacnyhfya.com

mail.yourpillprice.com

mail.zekwekzypdi.com

medicalparkrx.net

megnyhmitji.com

milgocbeb.com

ns1.cheap-genericss.com

ns1.cnirgadr.com

ns1.dwegjowysy.net

ns1.dwoxofgos.com

ns1.elwylpidy.com

ns1.milgocbeb.com

ns1.onlinepillzz.com

ns1.pillstabletsrxpharmacy.net

ns1.topapothecary.eu

ns1.vtekfobne.com

ns1.wusdyftis.com

ns1.xichaury.com

ns2.cheap-genericss.com

ns2.cnirgadr.com

ns2.cnirgadr.net

ns2.dwegjowysy.net

ns2.dwoxofgos.com

ns2.elwylpidy.com

ns2.farntiklers.com

ns2.fryjayxqui.com

ns2.milgocbeb.com

ns2.ojpenzefa.com

ns2.onlinepillzz.com

ns2.pillstabletsrxpharmacy.net

ns2.qulihnausl.com

ns2.topapothecary.eu

ns2.vtekfobne.com

ns2.wusdyftis.com

onlinepillzz.com

partysexladies.com

pharmacyjobstablets.net

pharmacymentalhealth.com

pillmedicineshop.net

pillsrxdrugstoreguide.net

pillstabletsrxpharmacy.net

pillstoreprescription.net

ploymjursup.com

pulgofyr.com

sexmoviesdirect.com

sloqubmel.com

sumzusna.com

tabletsrxmedssite.net

thetabletdrugstore.net

topapothecary.eu

two7.topapothecary.eu

uccyzanno.com

ucqubuvlygl.com

vantufire.com

vtekfobne.com

wacnyhfya.com

whaqwirg.com

wusdyftis.com

xichaury.com

yourpillprice.com

zluvbugy.com

61.144.19.90

*.alikebyroy.com

*.aquteriox.com

*.bduvdinfygn.com

*.boilregefant.com

*.cardwatchsun.com

*.clothespupil.com

*.colondwelling.com

*.dastlope.com

*.devideseps.com

*.doepsuehoxy.com

*.duopices.com

*.dusrglody.com

*.earconfluence.com

*.embraconst.com

*.firmlyetverd.com

*.freegurd.com

*.ghastyjury.com

*.golderor.com

*.greatpillsmedicine.net

*.greeckfim.com

*.holfgops.com

*.hywzuzapus.com

*.illshealthworld.com

*.lambdrumbow.com

*.leavedress.com

*.lurestores.com

*.matterflop.com

*.mecver.com

*.melthtow.com

*.naptougke.com

*.nerotak.com

*.nutgroveage.com

*.ojsammuats.com

*.ostetsivno.com

*.pilesidepod.com

*.pillmedicineshop.net

*.pillsrxdrugstoreguide.net

*.postcardtear.com

*.quzfuhtyx.com

*.restelf.com

*.shaggybike.com

*.sloqubmel.com

*.soackavry.com

*.sovcosaccom.com

*.stratumplus.com

*.tabletsrxmedssite.net

*.thipedfiker.com

*.thoughtfu.com

*.uccyzanno.com

*.vantufire.com

*.walleybus.com

*.weoberoad.net

*.whiffballad.com

*.xumabvimpy.com

absnesheart.com

admin.cnirgadr.com

admin.cnirgadr.net

admin.dwoxofgos.com

admin.quzfuhtyx.com

admin.xumabvimpy.com

alikebyroy.com

aquteriox.com

bduvdinfygn.com

boilregefant.com

cardwatchsun.com

clothespupil.com

cnirgadr.com

cnirgadr.net

colondwelling.com

dastlope.com

devideseps.com

doepsuehoxy.com

duopices.com

dusrglody.com

dwoxofgos.com

earconfluence.com

elwylpidy.com

embraconst.com

firmlyetverd.com

freegurd.com

ghastyjury.com

golderor.com

greatmedsless.com

greatpillsmedicine.net

greeckfim.com

holfgops.com

hywzuzapus.com

illshealthworld.com

lambdrumbow.com

lurestores.com

mail.cnirgadr.com

mail.cnirgadr.net

mail.cyqudasi.com

mail.dwoxofgos.com

mail.ojsammuats.com

mail.ostetsivno.com

mail.pillsrxdrugstoreguide.net

mail.sniqwoilmos.com

mail.xumabvimpy.com

matterflop.com

naptougke.com

nerotak.com

ns1.alikebyroy.com

ns1.cardwatchsun.com

ns1.clothespupil.com

ns1.cnirgadr.com

ns1.cnirgadr.net

ns1.colondwelling.com

ns1.dastlope.com

ns1.devideseps.com

ns1.duopices.com

ns1.dusrglody.com

ns1.dwoxofgos.com

ns1.earconfluence.com

ns1.embraconst.com

ns1.freegurd.com

ns1.ghastyjury.com

ns1.golderor.com

ns1.greeckfim.com

ns1.holfgops.com

ns1.lambdrumbow.com

ns1.leavedress.com

ns1.lurestores.com

ns1.matterflop.com

ns1.melthtow.com

ns1.naptougke.com

ns1.nerotak.com

ns1.nutgroveage.com

ns1.pilesidepod.com

ns1.postcardtear.com

ns1.restelf.com

ns1.shaggybike.com

ns1.soackavry.com

ns1.sodalecture.com

ns1.sovcosaccom.com

ns1.stratumplus.com

ns1.thipedfiker.com

ns1.thoughtfu.com

ns1.walleybus.com

ns1.weoberoad.net

ns1.whiffballad.com

ns1.xumabvimpy.com

ns2.alikebyroy.com

ns2.boilregefant.com

ns2.cardwatchsun.com

ns2.clothespupil.com

ns2.cnirgadr.com

ns2.cnirgadr.net

ns2.colondwelling.com

ns2.dastlope.com

ns2.devideseps.com

ns2.duopices.com

ns2.dusrglody.com

ns2.dwoxofgos.com

ns2.earconfluence.com

ns2.embraconst.com

ns2.firmlyetverd.com

ns2.ghastyjury.com

ns2.golderor.com

ns2.greeckfim.com

ns2.holfgops.com

ns2.lambdrumbow.com

ns2.leavedress.com

ns2.lurestores.com

ns2.matterflop.com

ns2.melthtow.com

ns2.naptougke.com

ns2.nerotak.com

ns2.nutgroveage.com

ns2.pilesidepod.com

ns2.postcardtear.com

ns2.quzfuhtyx.com

ns2.restelf.com

ns2.shaggybike.com

ns2.sniqwoilmos.com

ns2.soackavry.com

ns2.sodalecture.com

ns2.sovcosaccom.com

ns2.stratumplus.com

ns2.thipedfiker.com

ns2.thoughtfu.com

ns2.weoberoad.net

ns2.whiffballad.com

ns2.xumabvimpy.com

nutgroveage.com

ojpenzefa.com

ostetsivno.com

pharmacyjobstablets.net

pilesidepod.com

pillmedicineshop.net

pillsrxdrugstoreguide.net

postcardtear.com

quzfuhtyx.com

restelf.com

shaggybike.com

sloqubmel.com

sniqwoilmos.com

soackavry.com

sodalecture.com

sovcosaccom.com

stratumplus.com

sumzusna.com

tabletsrxmedssite.net

thipedfiker.com

thoughtfu.com

uccyzanno.com

uddernecessary.com

vantufire.com

vtekfobne.com

wacnyhfya.com

walleybus.com

weoberoad.net

whiffballad.com

wusdyftis.com

www.sovcosaccom.com

xichaury.com

xoqwudve.com

xoqwudve.net

yourchoicepharmacy.eu

zluvbugy.com

66.45.237.212

*.ariton.t35.com

*.aujocni.t35.com

*.azitromed.t35.com

*.bmnzhr.t35.com

*.bocvzpqwl.t35.com

*.com.htmlwww.unpef48.t35.com

*.falilat.t35.com

*.fhou.t35.com

*.fwww.t35.com

*.hdfccsbank.t35.com

*.htmlwww.unpef48.t35.com

*.itmg.t35.com

*.ldqwhos.t35.com

*.meleex.t35.com

*.nvuo.t35.com

*.owquyoxk.t35.com

*.pxlk.t35.com

*.saadullah.t35.com

*.t35.com

*.tcbnrha.t35.com

*.ud7swe.t35.com

*.unpef.com.htmlwww.unpef48.t35.com

*.unpef48.t35.com

*.wnlduwzr.t35.com

*.www.aujocni.t35.com

*.www.bmnzhr.t35.com

*.www.bocvzpqwl.t35.com

*.www.fhou.t35.com

*.www.fwww.t35.com

*.www.itmg.t35.com

*.www.ldqwhos.t35.com

*.www.nvuo.t35.com

*.www.owquyoxk.t35.com

*.www.pxlk.t35.com

*.www.tcbnrha.t35.com

*.www.wnlduwzr.t35.com

*.www.yrcahq.t35.com

*.www.zvbn.t35.com

*.www.zvdqgwjw.t35.com

*.yrcahq.t35.com

*.zvbn.t35.com

*.zvdqgwjw.t35.com

05748.t35.com

3sbe.t35.com

9jadarkl0rd.t35.com

abbey1.t35.com

abbeynplc.t35.com

accessonlineupdate.t35.com

acclongin2010.t35.com

alfredgomx.t35.com

alliancce.t35.com

amaliaessencial.t35.com

angelsaddiavolo.t35.com

anggit.t35.com

ariton.t35.com

arizonatoo.t35.com

aujocni.t35.com

azitromed.t35.com

banaameex.t35.com

banameex-sesion.t35.com

banamex-empresas.t35.com

banamex-netkey.t35.com

bankingeclosedindia.t35.com

bankofindiaonlineservice.t35.com

bankofindiasecurityalert.t35.com

bankofindiasecuritywatch.t35.com

barnamex.t35.com

bible.t35.com

bizboost.t35.com

bizbooster.t35.com

bmnzhr.t35.com

bocvzpqwl.t35.com

btrl24.t35.com

butterfieldd.t35.com

butuhbasar.t35.com

buytadalafilchik.t35.com

calab.t35.com

camionerosweb.t35.com

citilogin.t35.com

com.htmlwww.unpef48.t35.com

combatir-acne.t35.com

danke.t35.com

davka.t35.com

dedmorossko.t35.com

devilzone.t35.com

dkz1.t35.com

dolby.t35.com

duphaston.t35.com

estrace521.t35.com

falilat.t35.com

fdgdgrege.t35.com

fhou.t35.com

finivest.t35.com

freechips.t35.com

freeware-ad.t35.com

friends09.t35.com

fwww.t35.com

gestanin.t35.com

ghhghg.t35.com

goooffy.t35.com

grtf.t35.com

hagsg.t35.com

halifax.t35.com

hdfccsbank.t35.com

hedisa.t35.com

hitmain.t35.com

htmlwww.unpef48.t35.com

htyhythyth.t35.com

im19.t35.com

indiaonlineserviceboi.t35.com

inetpnbi.t35.com

irsfreevar.t35.com

itmg.t35.com

iymal.t35.com

jadult.t35.com

kalerxy.t35.com

kings2t.t35.com

ldqwhos.t35.com

lombardi000507.t35.com

mailer1.t35.com

meetsaferbuds.t35.com

meleex.t35.com

montagemfotos.t35.com

namordnikik.t35.com

naprosyn456.t35.com

netpnbonline.t35.com

netpnbonlinsecurityalert.t35.com

newbillalert.t35.com

newhappy.t35.com

njvj.t35.com

noriko.t35.com

novoehappy.t35.com

ns2.t35.com

nvuo.t35.com

ogard.t35.com

ogbele.t35.com

oijvhalaocp.t35.com

owquyoxk.t35.com

parod23.t35.com

porn-xxx.t35.com

pozaa.t35.com

punjat.t35.com

pxlk.t35.com

quikcall.t35.com

raghil.t35.com

realestateprofiles.t35.com

rtgregerger.t35.com

rubyval.t35.com

rutinahappy.t35.com

ruyyttrtr.t35.com

saadullah.t35.com

seasonique.t35.com

shluxxi.t35.com

simbahmu.t35.com

skanodezdu.t35.com

spyware-re.t35.com

starconnectcbsalert.t35.com

starconnectcbsupdate.t35.com

sururlu.t35.com

tcbnrha.t35.com

texas-accountpoker.t35.com

toohappyo.t35.com

ud7swe.t35.com

unpef.com.htmlwww.unpef48.t35.com

unpef48.t35.com

usernewhappy.t35.com

vadiks.t35.com

vele.t35.com

verveve.t35.com

videosforfriends.t35.com

vital.t35.com

wach.t35.com

wachoviabankingsecurity.t35.com

wachoviabola.t35.com

wachovlogsinfoonline.t35.com

wnlduwzr.t35.com

www.aujocni.t35.com

www.azitromed.t35.com

www.bmnzhr.t35.com

www.bocvzpqwl.t35.com

www.falilat.t35.com

www.fhou.t35.com

www.fwww.t35.com

www.itmg.t35.com

www.ldqwhos.t35.com

www.meleex.t35.com

www.nvuo.t35.com

www.owquyoxk.t35.com

www.pxlk.t35.com

www.tcbnrha.t35.com

www.unpef.com.htmlwww.unpef48.t35.com

www.wnlduwzr.t35.com

www.www.aujocni.t35.com

www.www.bmnzhr.t35.com

www.www.bocvzpqwl.t35.com

www.www.fhou.t35.com

www.www.fwww.t35.com

www.www.itmg.t35.com

www.www.ldqwhos.t35.com

www.www.nvuo.t35.com

www.www.owquyoxk.t35.com

www.www.pxlk.t35.com

www.www.tcbnrha.t35.com

www.www.wnlduwzr.t35.com

www.www.yrcahq.t35.com

www.www.zvbn.t35.com

www.www.zvdqgwjw.t35.com

www.yrcahq.t35.com

www.zvbn.t35.com

www.zvdqgwjw.t35.com

yah000.t35.com

yaoishrine.t35.com

yrcahq.t35.com

zaglotextgen.t35.com

zelnorm.t35.com

zelnormsis1.t35.com

zvbn.t35.com

zvdqgwjw.t35.com

69.10.48.106

*.ariton.t35.com

*.aujocni.t35.com

*.azitromed.t35.com

*.bmnzhr.t35.com

*.bocvzpqwl.t35.com

*.com.htmlwww.unpef48.t35.com

*.falilat.t35.com

*.fhou.t35.com

*.fwww.t35.com

*.hdfccsbank.t35.com

*.htmlwww.unpef48.t35.com

*.itmg.t35.com

*.ldqwhos.t35.com

*.meleex.t35.com

*.nvuo.t35.com

*.owquyoxk.t35.com

*.pxlk.t35.com

*.saadullah.t35.com

*.tcbnrha.t35.com

*.ud7swe.t35.com

*.unpef.com.htmlwww.unpef48.t35.com

*.unpef48.t35.com

*.wnlduwzr.t35.com

*.www.aujocni.t35.com

*.www.bmnzhr.t35.com

*.www.bocvzpqwl.t35.com

*.www.fhou.t35.com

*.www.fwww.t35.com

*.www.itmg.t35.com

*.www.ldqwhos.t35.com

*.www.nvuo.t35.com

*.www.owquyoxk.t35.com

*.www.pxlk.t35.com

*.www.tcbnrha.t35.com

*.www.wnlduwzr.t35.com

*.www.yrcahq.t35.com

*.www.zvbn.t35.com

*.www.zvdqgwjw.t35.com

*.yrcahq.t35.com

*.zvbn.t35.com

*.zvdqgwjw.t35.com

05748.t35.com

3sbe.t35.com

9jadarkl0rd.t35.com

abbey1.t35.com

accessonlineupdate.t35.com

acclongin2010.t35.com

alfredgomx.t35.com

alliancce.t35.com

amaliaessencial.t35.com

angelsaddiavolo.t35.com

anggit.t35.com

ariton.t35.com

arizonatoo.t35.com

aujocni.t35.com

azitromed.t35.com

banaameex.t35.com

banameex-sesion.t35.com

banamex-empresas.t35.com

banamex-netkey.t35.com

bankingeclosedindia.t35.com

bankofindiaonlineservice.t35.com

bankofindiasecurityalert.t35.com

bankofindiasecuritywatch.t35.com

barnamex.t35.com

bible.t35.com

bizboost.t35.com

bizbooster.t35.com

bmnzhr.t35.com

bocvzpqwl.t35.com

btrl24.t35.com

butterfieldd.t35.com

butuhbasar.t35.com

buytadalafilchik.t35.com

calab.t35.com

camionerosweb.t35.com

citilogin.t35.com

com.htmlwww.unpef48.t35.com

combatir-acne.t35.com

danke.t35.com

davka.t35.com

dedmorossko.t35.com

devilzone.t35.com

dkz1.t35.com

dolby.t35.com

duphaston.t35.com

estrace521.t35.com

falilat.t35.com

fdgdgrege.t35.com

fhou.t35.com

finivest.t35.com

freechips.t35.com

freeware-ad.t35.com

friends09.t35.com

fwww.t35.com

gestanin.t35.com

ghhghg.t35.com

goooffy.t35.com

grtf.t35.com

gurudes.t35.com

halifax.t35.com

ham4real02.t35.com

hdfccsbank.t35.com

hedisa.t35.com

hitmain.t35.com

htmlwww.unpef48.t35.com

htyhythyth.t35.com

im19.t35.com

indiaonlineserviceboi.t35.com

inetpnbi.t35.com

irsfreevar.t35.com

itmg.t35.com

iymal.t35.com

kalerxy.t35.com

kings2t.t35.com

ldqwhos.t35.com

lombardi000507.t35.com

mailer1.t35.com

meetsaferbuds.t35.com

meleex.t35.com

montagemfotos.t35.com

namordnikik.t35.com

naprosyn456.t35.com

netpnbonline.t35.com

netpnbonlinsecurityalert.t35.com

newbillalert.t35.com

newhappy.t35.com

njvj.t35.com

novoehappy.t35.com

ns2.t35.com

nvuo.t35.com

ogard.t35.com

ogbele.t35.com

oijvhalaocp.t35.com

openvpx.t35.com

otdzp.t35.com

owquyoxk.t35.com

parod23.t35.com

porn-xxx.t35.com

pozaa.t35.com

punjat.t35.com

pxlk.t35.com

quikcall.t35.com

raghil.t35.com

realestateprofiles.t35.com

rtgregerger.t35.com

rubyval.t35.com

rutinahappy.t35.com

ruyyttrtr.t35.com

saadullah.t35.com

seasonique.t35.com

shluxxi.t35.com

simbahmu.t35.com

skanodezdu.t35.com

spyware-re.t35.com

starconnectcbsalert.t35.com

starconnectcbsupdate.t35.com

sururlu.t35.com

tcbnrha.t35.com

texas-accountpoker.t35.com

toohappyo.t35.com

trucosmetroflog2009.t35.com

ud7swe.t35.com

unpef.com.htmlwww.unpef48.t35.com

unpef48.t35.com

usernewhappy.t35.com

vadiks.t35.com

vele.t35.com

verveve.t35.com

videosforfriends.t35.com

vital.t35.com

wach.t35.com

wachoviabankingsecurity.t35.com

wachoviabola.t35.com

wachovlogsinfoonline.t35.com

wnlduwzr.t35.com

www.aujocni.t35.com

www.azitromed.t35.com

www.bmnzhr.t35.com

www.bocvzpqwl.t35.com

www.falilat.t35.com

www.fhou.t35.com

www.fwww.t35.com

www.itmg.t35.com

www.ldqwhos.t35.com

www.meleex.t35.com

www.nvuo.t35.com

www.owquyoxk.t35.com

www.pxlk.t35.com

www.tcbnrha.t35.com

www.unpef.com.htmlwww.unpef48.t35.com

www.wnlduwzr.t35.com

www.www.aujocni.t35.com

www.www.bmnzhr.t35.com

www.www.bocvzpqwl.t35.com

www.www.fhou.t35.com

www.www.fwww.t35.com

www.www.itmg.t35.com

www.www.ldqwhos.t35.com

www.www.nvuo.t35.com

www.www.owquyoxk.t35.com

www.www.pxlk.t35.com

www.www.tcbnrha.t35.com

www.www.wnlduwzr.t35.com

www.www.yrcahq.t35.com

www.www.zvbn.t35.com

www.www.zvdqgwjw.t35.com

www.yrcahq.t35.com

www.zvbn.t35.com

www.zvdqgwjw.t35.com

yah000.t35.com

yaoishrine.t35.com

yrcahq.t35.com

zaglotextgen.t35.com

zelnorm.t35.com

zelnormsis1.t35.com

zvbn.t35.com

zvdqgwjw.t35.com

219.148.199.18

*.aquteriox.com

*.bduvdinfygn.com

*.canadianpharmacytablets.net

*.cheap-genericss.com

*.cnirgadr.com

*.cnirgadr.net

*.dwegjowysy.net

*.dwoxofgos.com

*.elwylpidy.com

*.farntiklers.com

*.greatmedsdrug.net

*.greatpilltabletsprescription.net

*.healthfoodpharmacy.net

*.hywzuzapus.com

*.hyxhezha.com

*.illshealthworld.com

*.nyqwahdyns.com

*.nyqwahdyns.net

*.ojpenzefa.com

*.ollajmiql.com

*.onlinepillzz.com

*.pharmacymentalhealth.com

*.pillmedicineshop.net

*.pillsrxdrugstoreguide.net

*.pillstabletsrxpharmacy.net

*.qwopvuavcen.com

*.rxdiscountdrugs.com

*.shelamoik.com

*.sloqubmel.com

*.sumzusna.com

*.tabletsrxmedssite.net

*.vdubygeyw.com

*.vtekfobne.com

*.wacnyhfya.com

*.wusdyftis.com

*.xichaury.com

*.zluvbugy.com

admin.canadianpharmacytablets.net

admin.cheap-genericss.com

admin.cnirgadr.net

admin.dwegjowysy.net

admin.dwoxofgos.com

admin.elwylpidy.com

admin.expresspillsrx.com

admin.greatmedsdrug.net

admin.greatmedsless.com

admin.haejmezzew.com

admin.healthfoodpharmacy.net

admin.hyxhezha.com

admin.iokraxresi.com

admin.krukdytyjwo.com

admin.medsprescriptionshop.com

admin.ojpenzefa.com

admin.ollajmiql.com

admin.onlinepillzz.com

admin.pillstabletsrxpharmacy.net

admin.rimtykcowla.com

admin.shelamoik.com

admin.storemedssite.com

admin.vdubygeyw.com

admin.vtekfobne.com

admin.wacnyhfya.com

admin.wusdyftis.com

admin.xichaury.com

admin.yourmedspillsmedicine.com

admin.zluvbugy.com

aquteriox.com

bduvdinfygn.com

canadianpharmacytablets.net

cheap-genericss.com

cnirgadr.com

cnirgadr.net

discount-pillsrx.com

dwegjowysy.net

dwoxofgos.com

elwylpidy.com

farntiklers.com

greatmedsdrug.net

greatmedsless.com

healthfoodpharmacy.net

illshealthworld.com

mail.bduvdinfygn.com

mail.canadianpharmacytablets.net

mail.cheap-genericss.com

mail.cnirgadr.com

mail.cnirgadr.net

mail.doepsuehoxy.com

mail.dwegjowysy.net

mail.dwoxofgos.com

mail.elwylpidy.com

mail.greatmedsdrug.net

mail.haejmezzew.com

mail.healthfoodpharmacy.net

mail.healthmedspillsguide.com

mail.hyxhezha.com

mail.iokraxresi.com

mail.krukdytyjwo.com

mail.ojpenzefa.com

mail.ollajmiql.com

mail.onlinepillzz.com

mail.pillsrxdrugstoreguide.net

mail.pillstabletsrxpharmacy.net

mail.pillswellnessdrug.net

mail.shelamoik.com

mail.vdubygeyw.com

mail.vtekfobne.com

mail.wacnyhfya.com

mail.wusdyftis.com

mail.xichaury.com

mail.zluvbugy.com

ns1.bduvdinfygn.com

ns1.cheap-genericss.com

ns1.cnirgadr.com

ns1.cnirgadr.net

ns1.dwegjowysy.net

ns1.dwoxofgos.com

ns1.elwylpidy.com

ns1.haejmezzew.com

ns1.ojpenzefa.com

ns1.ollajmiql.com

ns1.online-pharmacyss.com

ns1.onlinepillzz.com

ns1.pillstabletsrxpharmacy.net

ns1.qulihnausl.com

ns1.shelamoik.com

ns1.vdubygeyw.com

ns1.vtekfobne.com

ns1.wacnyhfya.com

ns1.wusdyftis.com

ns1.xichaury.com

ns1.zluvbugy.com

ns2.bduvdinfygn.com

ns2.cheap-genericss.com

ns2.cnirgadr.com

ns2.cnirgadr.net

ns2.dwoxofgos.com

ns2.elwylpidy.com

ns2.iokraxresi.com

ns2.mauleffios.com

ns2.ojpenzefa.com

ns2.ollajmiql.com

ns2.online-pharmacyss.com

ns2.onlinepillzz.com

ns2.pillstabletsrxpharmacy.net

ns2.rimtykcowla.com

ns2.shelamoik.com

ns2.twyfzagyst.com

ns2.vdubygeyw.com

ns2.vtekfobne.com

ns2.wacnyhfya.com

ns2.wusdyftis.com

ns2.xichaury.com

ns2.zluvbugy.com

ojpenzefa.com

ollajmiql.com

online-pharmacyss.com

onlinepillzz.com

pharmacymentalhealth.com

pharmacyprescriptiontablets.com

pharmacyrxhealthplans.net

pillmedicineshop.net

pillsrxdrugstoreguide.net

pillstabletsrxpharmacy.net

pillstoreprescription.net

qulihnausl.com

rinus20481.sloqubmel.com

shelamoik.com

tabletsrxmedssite.net

tiojutis.com

twolzapnib.com

unihavikl.com

vdubygeyw.com

vtekfobne.com

wacnyhfya.com

wusdyftis.com

xichaury.com

yourmedspillsmedicine.com

zekwekzypdi.com

zluvbugy.com

61.150.91.183

*.aquteriox.com

*.best-pillcheap.com

*.canadianpharmacytablets.net

*.cheap-genericss.com

*.chykvunt.com

*.cogtorlab.com

*.cyqudasi.com

*.doepsuehoxy.com

*.dypabodi.com

*.fastdelivery-rx.com

*.greatpillsmedicine.net

*.hywzuzapus.com

*.illshealthworld.com

*.jonahoynox.com

*.medshop4you.com

*.milgocbeb.com

*.ojsammuats.com

*.online-pharmacyss.com

*.onlinepillzz.com

*.ostetsivno.com

*.peremirek.com

*.pharmacymentalhealth.com

*.pillscheaprxonline.net

*.pillsrxdrugstoreguide.net

*.pillsstoreguide.net

*.pillstabletsrxpharmacy.net

*.pillswellnessdrug.net

*.quzfuhtyx.com

*.rxcapsuleshealth.com

*.rxprescriptionmart.net

*.sloqubmel.com

*.sniqwoilmos.com

*.sumzusna.com

*.xumabvimpy.com

*.yoctikna.com

admin.best-pillcheap.com

admin.canadianpharmacytablets.net

admin.cheap-genericss.com

admin.chykvunt.com

admin.cogtorlab.com

admin.cyqudasi.com

admin.dwegjowysy.net

admin.fastdelivery-rx.com

admin.greatmedsless.com

admin.hywzuzapus.com

admin.jonahoynox.com

admin.milgocbeb.com

admin.ojsammuats.com

admin.ollajmiql.com

admin.online-pharmacyss.com

admin.onlinepillzz.com

admin.ostetsivno.com

admin.peremirek.com

admin.pillstabletsrxpharmacy.net

admin.pillswellnessdrug.net

admin.quzfuhtyx.com

admin.rxprescriptionmart.net

admin.sniqwoilmos.com

admin.xumabvimpy.com

admin.yoctikna.com

aquteriox.com

best-pillcheap.com

canadianpharmacytablets.net

cheap-genericss.com

chykvunt.com

cogtorlab.com

cyqudasi.com

discount-pillsrx.com

doepsuehoxy.com

dwegjowysy.net

dypabodi.com

fastdelivery-rx.com

greatpillsmedicine.net

healthcentermart.net

hywzuzapus.com

illshealthworld.com

internetpharmacypills.net

jonahoynox.com

mail.best-pillcheap.com

mail.canadianpharmacytablets.net

mail.cheap-genericss.com

mail.chykvunt.com

mail.cogtorlab.com

mail.cyqudasi.com

mail.fastdelivery-rx.com

mail.hywzuzapus.com

mail.medshop4you.com

mail.milgocbeb.com

mail.ojsammuats.com

mail.ollajmiql.com

mail.online-pharmacyss.com

mail.onlinepillzz.com

mail.ostetsivno.com

mail.peremirek.com

mail.pillscheaprxonline.net

mail.pillsrxdrugstoreguide.net

mail.pillstabletsrxpharmacy.net

mail.pillswellnessdrug.net

mail.quzfuhtyx.com

mail.rxprescriptionmart.net

mail.sniqwoilmos.com

mail.xumabvimpy.com

mail.yoctikna.com

medshop4you.com

milgocbeb.com

ns1.best-pillcheap.com

ns1.cheap-genericss.com

ns1.chykvunt.com

ns1.cogtorlab.com

ns1.cyqudasi.com

ns1.doepsuehoxy.com

ns1.fastdelivery-rx.com

ns1.hywzuzapus.com

ns1.medshop4you.com

ns1.milgocbeb.com

ns1.ojsammuats.com

ns1.ollajmiql.com

ns1.online-pharmacyss.com

ns1.onlinepillzz.com

ns1.ostetsivno.com

ns1.peremirek.com

ns1.pillstabletsrxpharmacy.net

ns1.quzfuhtyx.com

ns1.sniqwoilmos.com

ns1.xumabvimpy.com

ns1.yoctikna.com

ns2.best-pillcheap.com

ns2.cheap-genericss.com

ns2.chykvunt.com

ns2.cogtorlab.com

ns2.cyqudasi.com

ns2.fastdelivery-rx.com

ns2.hywzuzapus.com

ns2.medshop4you.com

ns2.milgocbeb.com

ns2.ojsammuats.com

ns2.ollajmiql.com

ns2.online-pharmacyss.com

ns2.onlinepillzz.com

ns2.ostetsivno.com

ns2.peremirek.com

ns2.pillstabletsrxpharmacy.net

ns2.quzfuhtyx.com

ns2.sniqwoilmos.com

ns2.vdubygeyw.com

ns2.xumabvimpy.com

ns2.yoctikna.com

ojsammuats.com

ollajmiql.com

online-pharmacyss.com

onlinepillzz.com

ostetsivno.com

peremirek.com

pharmacymentalhealth.com

pillscheaprxonline.net

pillsrxdrugstoreguide.net

pillsstoreguide.net

pillstabletsrxpharmacy.net

pillstoreprescription.net

pillswellnessdrug.net

quzfuhtyx.com

rinus20481.sloqubmel.com

rxcapsuleshealth.com

rxprescriptionmart.net

sloqubmel.com

sniqwoilmos.com

sumzusna.com

tabletownhealthdirect.com

tabletrxmedical.com

vdubygeyw.com

www.medshop4you.com

www.rxprescriptionmart.net

xoqwudve.com

xoqwudve.net

xumabvimpy.com

yoctikna.com

yourchoicepharmacy.eu

122.227.135.37

*.cheaprxmeds-online.com

*.discountedrefills.com

*.expresspillsnow.com

*.findrx-online.com

*.global-rx-medss.com

*.mymeddeals.com

*.ordermeds4me.com

*.reorderyourmeds.com

*.xmedss.com

admin.cheaprxmeds-online.com

admin.discountedrefills.com

admin.expresspillsnow.com

admin.findrx-online.com

admin.global-rx-medss.com

admin.medication-reorder.com

admin.ordermeds4me.com

admin.reordermymedication.com

admin.reorderyourmeds.com

cheaprxmeds-online.com

discountedrefills.com

discountrxs-online.com

findrx-online.com

global-rx-medss.com

goodrxsupplier.com

medication-reorder.com

mymeddeals.com

ns.cheaprxmeds-online.com

ns.discountedrefills.com

ns.expresspillsnow.com

ns.findrx-online.com

ns.global-rx-medss.com

ns.medication-reorder.com

ns.ordermeds4me.com

ns.reordermymedication.com

ns.reordermymeds.com

ns.reorderyourmeds.com

ns.xmedss.com

reordermymedication.com

reordermymeds.com

reorderyourmeds.com

www.kankandy.com

FakeCodec - Video Streaming

By using google search, you can easily find lots of the urls end with "xplaymovie.php"; most of the urls flagged as HARMFULL by Google Safe Browsing! "inurl: xplaymovie.php"

tony-tube.com/xplaymovie.php?id=48267

great-tube-fest.net/xplaymovie.php?id=45312

vectortubes.net/xplaymovie.php?id=48441

super-world-tube.com/xplaymovie.php?id=48267

new-red-tube.com/xplaymovie.php?id=45337

free-girl-tube.com/xplaymovie.php?id=48267

border-tube.com/xplaymovie.php?id=48267

free-tube-gallery.com/xplaymovie.php?id=48267

xxx-more-tube.com/xplaymovie.php?id=40081

sunny-xxx-tube.com/xplaymovie.php?id=45337

real-clear-tube.com/xplaymovie.php?id=40081

number-1-tube.com/xplaymovie.php?id=45360&q=beyonceoops

our-best-tube.com/xplaymovie.php?id=48267

real-tube-portal.com/xplaymovie.php?id=45360&q=beyoncefakes

real-new-tube.com/xplaymovie.php?id=48267

home-sun-tube.net/xplaymovie.php?id=48267

2010-home-tube.com/xplaymovie.php?id=48267

clear-green-tube.com/xplaymovie.php?id=48267

free-mega-tube.com/xplaymovie.php?id=48267

celebs-tube-2010.com/xplaymovie.php?id=48267

best-tube-2010.com/xplaymovie.php?id=40081

Those video will entice users to update flash in order able to see the video streaming. And it will result with malware file "themediaservice.com/New-Video-Addon.48441.exe"

themediaservice.com/New-Video-Addon.48441.exe (28/ 42 (66.7%)) VT

MD5 : 1447ff638a8fff94d261677b2fd60d04

SHA1 : 90e49d26b5c84fd11b5c0706975585e0469dc37b

SHA256: dde52f72849198c9a8aff13c20f225962f4019d091ae9a3ac3f773b180416190

Other malicious link

216.240.140.202

scanner-free.com

analtake.com

dogusarts.com

dreamartsonline.com

expert-tube.net

floraarts.net

free-tube-gallery.net

great-blue-tube.com

great-tube-palace.com

greatvintagearts.com

green-real-tube.com

marina-tube.com

modern-tube.net

more-great-tube.net

movie-film-tube.com

new-tube-fest.com

photoartsdirect.com

suoer-mego-tubes.com

super-fresh-tube.com

super-tubes-mego.com

superartscenter.com

try-tube.com

tube-portal-2010.com

verona-tube.com

world-tube-2009.com

www.159666.com

xxx-more-tube.com

0800encoder.com

123come.net

17uy.net

18sui.net

2ggw.net

369w.net

456win.net

5991.com

5991.net

5portpwpwpw123.afraid.org

91tg.net

abraxasabstract.com

afternicsucks.com

allencoders.com

allsensorshop.com

analogencoder.com

arservice.net

artspecialty.net

atbest.com

back-ns.de

bdlly.net

bedekbayit.co.il

bestencoder.com

biltriteindustries.com

blackhole.roccoc.net

blackholemedia.net

bordasp.net

brandgo.com

brandloyalty.de

brits.com

broadmeade.net

builderspreferredmortgage.net

builderspreferredmtg.net

burbridgerealty.net

butorplaza.net

campjordan.net

catalogonazionale.net

catholicliving.com

charterfabrics.com

china-tc.net

clinres.com

codeurs.com

collins-debden.com

copperbeechcap.net

corofinswiss.com

cosmos-of-ideas.net

crownguest.net

csmv.qc.ca

customfurniturestudio.com

dancehookup.com

deborahyoung.net

devcell.com

dieying.net

djye.net

drehgeber.net

drehgebershop.com

drehimpulsgeber.com

druekerco.net

e-hvbc.com

encoder-products.com

encoderkid.com

encoderkit.com

encodersolutions.com

encoderstore.com

encodeur.com

engineering-joy.net

eratings.com

esuissefund.com

evansford.com

extremefrog.net

fd0.net

findcancerexperts.com

finitezero.net

fptraders.com

franken-connect.net

freespiritaero.net

ganyuren.net

genius-shop.net

geniusshop.net

gesgroup-online.com

global-encoder.com

global-encoder.net

globalencoder.net

globalencodersolutions.com

globalmediahouse.com

golfpalya.net

goofymail.stipowered.com

greatunix.net

green702.com

grunny.com

gtauro.net

guiaderubi.com

gwbn.net

haodian.net

highlanderequipment.com

hillari.net

hohlwellengeber.com

hotaaa.net

hottriplea.net

house-o-celebs.com

hualei.online.sh.cn

huannet.com

huongloc.com

impulsgeber.com

indobetonline.com

indusensor.com

indusensor.net

industrial-encoder.net

inkrementalencoder.com

inkrementalgeber.com

innovation-fighters.net

innovationfighters.net

intelligentmarketing.com

inwto.net

k-tecusa.com

karisdevelopment.com

keacapital.com

kenland-international.net

kio.kz

kstrat.com

lagardener.com

learntodrivetrucks.com

legalgraphix.com

lovelands.net

luton-family.com

mail.newtimescargo.com

mail2.gargox.com

mail2.klingler.net

mapaj.net

marciarussell.net

mars.dnsdc7.com

medicorp1.com

mein-expert-office.net

mein-express-office.net

mein-xpert-office.net

mein-xpress-office.net

meinexpertoffice.net

meinexpressoffice.net

meinxpertoffice.net

meinxpressoffice.net

meivert.net

mx1.schottdorf-it.de

mx2.autoanoleggio.com

my-expert-office.net

my-express-office.net

my-xpert-office.net

my-xpress-office.net

myexpertoffice.net

myexpressoffice.net

myipservice.com

myxpertoffice.net

myxpressoffice.net

n2ngw.nyser.net

no1encoder.com

novatitlellc.com

nowhere.ce2l.net

nowhere.ibretagne.net

nowhere.lucky.pitux.allnet.fr

nsasex.net

opticalencodershop.com

pnorris.com

portmangroup.com

privatecerts.net

rcfaith.com

rokkas.net

rotaryencodershop.com

s-tassociates.com

schottdorf-it.de

searchltc.net

sensoricshop.com

sensorikshop.com

server.no

sfins.com

shanedrinkard.com

sherksoftcanada.com

sherpa2.com

sightholder.net

sink.nosense.org

skybus.com

sm555.com

smoking-airline.net

smoothj.net

smtpbogus.asia1.com.sg

solutions-for-automation.com

sourceex.com

spinningdoors.com

star-lighter.com

stockwood.us

stonepost.net

sulykontroll.net

sunreed.net

supportcvtest.com

tboxsunglasses.net

test.interland.net

thaiha.net

the-exposures.com

theglassmithshop.com

thomasgregor.com

thoo.net

trucking123.com

ufosthetruth.com

ultrajazz.net

uncnet.net

unisonllc.net

visionaryretailer.net

w988.net

webmediaonline.net

widecomputer.net

wlan-controller-1.hivolda.no

wlan-gw.kymp.net

wlc.dir.garr.it

www.back-ns.de

www.etechdata.com.au

www.jason314.com

xpress-office.net

xpressdesktop.net

xxtoday.net

youareonnotice.net

zinesoft.net

best-tube-contact.com

216.240.140.201

helen-tube.com/xplaymovie.php?id=48267

best-flash-tube.com

best-xxl-tube.net

bestnanotube.com

betterhottube.com

bigbluemusictube.com

boss-super-tube.com

crystal-tube-area.com

free-girl-tube.com

free-mega-tube.com

freetubeonline.net

fresh-tube-2010.com

great-super-tube.com

great-tube-portal.com

greattubeonline.com

home-rose-tube.com

hot-tube-site.com

loko-tube.com

mego-super-tubes.com

more-best-tube.com

next-blue-tube.com

nimble-tube.net

our-best-tube.com

real-new-tube.com

slopingtoptube.com

super-world-tube.com

testthetube.com

thetubeaudio.com

tubepalooza.com

vectortubes.net

*.iego.net

aa556677.com

artlessonsworld.com

best-real-tube.com

bestflashplugins.com

besttubecool.com

besttubeworld.net

bigexchangedata.com

bigmediaweb.com

bolo-arts.com

cetnicka-oluja.net

citysupermedia.com

comnetmultimedia.com

cristalflash.com

datamastertech.com

datamovieonline.com

digitalartstudies.com

digitalmastermark.com

dogartglass.com

dot.enrutador.com

dvddatacenter.com

dvdmagicstorage.com

dynamicmediawork.com

eastartcenter.com

filemediagroup.com

filescoldstorage.com

filesseasononline.com

free-girl-tube.com

free-mega-tube.com

freebigutilites.com

freedownloaddata.com

freemultimedialist.com

freenetflash.com

frontloadarea.com

fullmediaservice.com

globalultimedia.com

gomediademo.com

goodmultimediaonline.net

gpw9999.com

greatbigtube.com

greatestwavefiles.com

hottrackdvd.com

loadareasite.com

loadrevisions.com

login-here.net

login-here.org

lynxnewmedia.com

media4allworld.com

mediadatatraffic.net

mediadvdformat.com

mediafilesonline.net

mediagroupcode.com

mediamarka.com

moreflshplugins.com

movielocationinfo.com

moviepublicstorage.com

moviestarpluginsonline.com

moviestarplus.com

movieutilitesonline.com

multimediaarchivedata.com

multimediastandart.com

multimediastorageworld.com

multimediatoolguide.com

multimediatoolsonline.com

mx2.mulinostucky.com

neoartdesign.com

newdatagroup.com

newmediafiles.com

ns0.agsato.com

oceandigitalfilm.com

planetmoviedvd.com

puretechstorage.net

realwindowsmedia.com

realzonemedia.com

samsgreatarts.com

spluginsworld.com

superbobmovie.com

superfilesonline.com

supermegatube.net

superworldmedia.com

thebettermovie.com

themediaplugin2009.com

thephotodrive.net

theplayerdownload.com

videomachinetools.com

webwapfilm.com

worlddvdportal.com

worldmediadata.com

0mw.net

adnetmultimedia.com

andromediasoftware.com

bestinternetmedia.com

bestmultimediaonline.com

bigeasyarts.com

bigfreepackage.com

bigstartmedia.com

chineseartsonline.com

dataplayfiles.com

dataplaynews.com

datarevisions.com

dataselfstorage.com

datasoftmedia.com

digitalagemultimedia.com

dmaraio.net

dvddigitalplayer.com

electronicmediaforum.com

filetoolsworld.com

filmdatasystems.com

flashartssite.com

free-tube-gallery.com

freecodedvd.com

freemegamedia.com

freevideomegapack.com

genuinemediaonline.com

greatbearmedia.com

greatmultimediaplayer.com

greatnextmedia.com

greendataweb.com

greentoparts.com

idigitaldata.com

infodataworks.com

infolookmultimedia.com

internetmediafox.com

leckdieziege.homeunix.net

loveableart.com

mediainfodirect.com

mediaprogramsite.com

mediapromedia.com

mediaservicesdata.com

mediasolutionsdata.com

mediaupdateworld.com

mobilemultimediadata.com

mono-arts.com

montereymediainfo.com

movieclipfact.com

moviedataworld.com

moviestarlabel.com

movieworldinfo.com

multimediasupersite.com

nettvarts.com

network-arts.com

new-zeitgeist.com

ns1.hillthird.com

ns2.hillthird.com

ns2.pillplaceagree.com

ns3.abilityhand.com

ns3.advocacydistant.com

ns3.casestrength.com

ns3.chairthose.com

ns3.chanceexperience.com

ns4.abilityhand.com

ns4.advocacydistant.com

ns4.casestrength.com

ns4.chairthose.com

ns4.chanceexperience.com

perfectdatacare.com

picturesoftglue.com

prodatawww.com

quicksetsystems.com

read-arts.com

real-best-tube.net

realmediaguy.com

super-clear-tube.com

super-soft-area.net

supermovieworld.com

techvideopro.com

thedigitaldata.com

thefilesfree.com

themarinamedia.com

thetopmultimedia.com

tony-tube.com

townshipgroup.com

tuxonet.org

videosofttools.com

worldpays.com

yume-dojo.net

*.ca600.cn

090911.com

2009zj.com

2012yong.com

21jc.net

3027888.com

3d5789.com

3gclick.net

415415.com

41711.com

41ga.com

53k-bbs.com

592asus.com

609567.com

65750.com

666hs.com

728666.com

768555.com

769100.com

78445.com

85ran.com

86180086.net

88845588.com

9118888.com

9918888.com

9985dw2.com

9city.net

abrafox.net

ahkitchen.com

ahysbzw.com

aijianzj.com

any-in-0808.1e100.net

araider.net

ax5588.com

basebit.com

beldencable.net

bestmalearts.com

bestwap.com

biaer.net

bien-heureux.com

bluewww.com

ca600.cn

caixp.net

callcenters.cn

cangdian.net

carken.net

ccrr180.com

ccrr663.com

ch09.cn

china188-printing.com

chinacang.net

chinaemv.net

coffeemood.net

cqmotorcycle.net

culturemediaonline.com

cy100.cn

de9988.com

del1255532754.i-now.com

del1255532780.i-now.com

dglvsheng.com

dicamry.net

digitaldatapost.com

diyarim.biz

dnsez.com

dongmantu.com

dt38.com

dtvworld.net

e-cbd.net

fakemx.shalmon-cs.com

fbm-pcba.com

feizhuliucn.com

film-163.com

foto-kids.ru

friendv.net

g2tw.com

g885.com

gbnl.net

gd3388.com

gliet-dzyqc.com

goldencereal.com

google-public-dns-a.google.com

gtdnw.com

guangdatz.com

guotai8.com

hejingyun.com

hfyuyan.com

hknsc.hk

hkperfect.net

hnlvfeng.com

huabaotz.com

hurb.org

hxsjsz.com

hzpt.net

jesu.com.cn

jialeyuan.net

jingdianchina.com

jjran.com

jxjlw.net

jxttjk.com

kkeeyong.com

kxstar.net

likegame.net

lostsky.org

ls123.net

madwebtech.com

magnetcn.net

mail.rootguide.net

mail.shinghinggroup.com

mail.xinwindows.com

mediasoftetc.com

meihe.biz

meizhouw.com

mx-8-8-8-8.localhostdz.info

my7g.com

netobjective.com

nettu.net

new-york-personal-injury-attorney.co.cc

newfortu.com

ns1.dataresolve.com

ns1.nc7.be

ns2.chebis.com

nxfc.net

ouxin.net

palaa.net

powertron.com.cn

qichetuku.com

qimay.com

qqp.cn

quanfu001.info

reach-world.net

red-hot-tube.com

rexbookstore.com.ph

rococolg.net

shejitupian.com

shijxing.com

shinghinggroup.com

shoujituku.com

smyong2.com

soi89.com

spaceeyes.net

stzp.net

sucaituku.com

suoju.net

szalisen.com

taobaola.net

tauck.com.cn

teleone-china.com

timesbook.net

truelinux.net

tthappy.net

ultra-f.net

vcddvd.net

videoracedata.com

wenwenba.com

woodstyledesign.com

wuzhousoccer.com

www.311.hk

www.ca600.cn

www.wenwenba.com

www.xamat.info.vn

xiangyangdz.com

xmbm8.com

xn--04qr15as95a.com

xn--13w487c9a.com

xn--15q45l0tbsy2f.net

xn--1lq84ep6a71d936h.com

xn--1lq90in6lmk3d.com

xn--1lqs4zw53a.com

xn--2008-eg2h.com

xn--3et983f.com

xn--45qv91bb1m.com

xn--4kq568a1na83jyb.com

xn--4kq568aejdmb105b.com

xn--54q59kgqmr4bm70d301a.com

xn--54qr16bvobkx5c.com

xn--7mq759mgzf.com

xn--7ou366j.com

xn--7ou366j.net

xn--8ftr60g5ib.com

xn--9iq98glsks73c.com

xn--cest9bo1ok5v.com

xn--estz23byh0a.com

xn--etts7gnt8d.com

xn--fhqw0go0dz18amy3a.com

xn--fjq92bp0qe3cd69g8pm.com

xn--g2xu18bcnd.com

xn--h5q2cy12kbwc.com

xn--h6qx20cd2e4qc.com

xn--huss71n.com

xn--hxt925h.com

xn--inrt1kuxi.com

xn--j7qw2d404f.com

xn--j7qw2db40bqqu1ig.com

xn--jvrr93b2giptw.com

xn--kpr25ed35a.com

xn--lsw56z.com

xn--m7r566l8sb.com

xn--mbt044f6ur.com

xn--mnq481g2xh.com

xn--qbtq4mjsey51c.com

xn--qrqq7p11d4t1c.net

xn--qrqv06f.com

xn--s1ra914fba.com

xn--smq788m.com

xn--tstt36h.com

xn--vhquv531aegz89e.com

xn--vsqy46as19a3ig.com

yahoomailcenter.com

yaozhongwiremesh.com

yesell.net

yjrlzy.com

youhui999.com

youngunion.net

ywguke.com

zacn.net

zb2008.net

zdlight.com

zgymw.net

zs5555.com

zy83.com

bestgoldtube.com

ns2.timkiemcongviec.com

thebeerstube.com

tube-great-tube.com

www.sextake.com

*.soso300.com

accepted.am

answer.9you.com

archi-tube-world.com

auwebsiteuggboots.info

bestloadexe.com

blaironia.com

cinta.fm

coolbesttubes.com

cp168998.com

dingsmedia.net

directtvsatelliteradio.com

dns1.hbtele.com

exereloads.com

exesuperload.com

freshdownloadcenter.com

ggtoto.net

golfyoyaku.net

goodtoto.com

greentubeindex.net

greentubelist.com

homebosstube.com

hostmaster.authentic-uggboots.info

hostmaster.authenticuggsnowboots.info

hostmaster.newyearuggboots.info

hostmaster.springdiscountuggs.info

hostmaster.uggbaileybuttonboot.info

hostmaster.uggood2010.info

hostmaster.uggsbootaustraliansite.info

hostmaster.uggsnowbootsoflondon.info

lex-mono-tube.com

lillfirman.se

liulanzhe.net

liulanzhe.org

loadexedirect.com

localtubeonline.com

mail.datingstudio.com

mail.gameoriented.com

mail.sewing-embroidery.com

mail.vans2buses.com

masturbate.fm

moreartsgallery.com

movieartscenter.com

muchbettertubes.com

muchtubebetter.com

mx1.vinciunmaster.com

mx2.hituero.com

my-tube-list.net

nantiansoftware.com

omo-tube.com

our-first-tube.com

polo-tube-online.net

sewing-embroidery.com

smile3377.com

sonc3k.net

soso300.com

spam.rispens.net

springdiscountuggs.info

thescrapcat.dk

totokor.com

tubeindexworld.com

uggbaileybuttonboot.info

uggbootsmystyle.info

uggood2010.info

uggsbootaustraliansite.info

uggsnowbootsoflondon.info

videocodecfile.com

www.soso300.com

www.swtoto.com

themediaservice.com

bestloadcell.com

Blizzard Battlenet Phishing Sites

eu-blizzard-store.net

net-account-management.net

battle-bbs.net

wrathofthelichking.net46.net

battle-net-account-login.nalarag.pl

battlepe.net

usbattler.net

74.82.184.4

*.jjk88.net

*.ns1.jjk88.net

*.ns1.zqt6.com

*.zqt6.com

battle-testing.net

battle-tests.net

battle-tria.net

battleto.net

clslzy.com

ism-sh.com

jjk88.net

link.ldki.cn

nmhxsm.com

ns1.jjk88.net

ns1.zqt6.com

root.ns1.jjk88.net

root.ns1.zqt6.com

rzxueya.com

sintist.com

usbattle-tria.net

zqt6.com

battle-bbs.net

www.mmlive.net/Account/Login.aspx

Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability

Vulnerable: Mozilla Firefox 3.5.x

Exploit:




Reference:

http://Securitylab.ir/Advisories


Disclaimer:
The script showed above might cause something offensive, use at own risk.

Microsoft released workaround to fix CVE-2010-2568

Reference: http://support.microsoft.com/kb/2286198

To implement the workaround that disables .LNK and .PIF file functionality automatically on a computer that is running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server R2.

Enable workaround Fix It

If want to undo the workaround, click on disable workaround Fix It

Or you can apply yourself by doing some changes on registry.

Enable Changes:

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then select the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler

3. Click the File menu and then click Export.

4. In the Export Registry File dialog box, type LNK_Icon_Backup.reg and then click Save.

Note This will create a backup of this registry key in the My Documents folder by default .

5. Select the value (Default) on the right pane in the Registy Editor. Press ENTER to edit the value of the key. Delete the value, so that the value is blank, and press ENTER.

6. Locate and then select the following registry key:
HKEY_CLASSES_ROOT\piffile\shellex\IconHandler

7. Click the File menu and then click Export.

8. In the Export Registry File dialog box, type PIF_Icon_Backup.reg and then click Save.

Note This will create a backup of this registry key in the My Documents folder by default

9. Select the value (Default) on the right pane in the Registy Editor. Press ENTER to edit the value of the key. Delete the value, so that the value is blank, and press ENTER.

Disable Changes:

How to undo the interactive method

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. On the File menu, click Import.

3. In the Import Registry File dialog box, select LNK_Icon_Backup.reg, and then click Open.

4. On the File menu, click Import.

5. In the Import Registry File dialog box, select PIF_Icon_Backup.reg, and then click Open.

6. Exit Registry Editor, and then restart the computer.

How to manually reset the Registry key values to the default values

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler

3. Reset the registry key value to:
{00021401-0000-0000-C000-000000000046}

4. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\piffile\shellex\IconHandler

5. Reset the registry key value to:
{00021401-0000-0000-C000-000000000046}

6. Restart the computer

blogspot.com and multiply.com serve zbot's eCard

Zbot is diversify its strategic and targeting blogspot and multiply social networking tool to spread the malware.



The message of the website sounds like:

You have received an Greeting eCard
Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

http://theorionfund.org/ecard.exe

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!

Few websites were identified to host similar scam.

hxxxp://bocaalenda.multiply.com/journal/item/169/You_have_received_an_Greeting_eCard
hxxxp://bocaalenda.multiply.com/journal/item/168/You_have_received_an_Greeting_eCard
hxxxp://bocaalenda.multiply.com/journal/item/170/You_have_received_an_Greeting_eCard
hxxxp://googeelblog.blogspot.com/2010/07/you-have-received-greeting-ecard_9433.html
hxxxp://my-dnb.blogspot.com/2010/07/you-have-received-greeting-ecard_5182.html
hxxxp://my-dnb.blogspot.com/2010/07/you-have-received-greeting-ecard_5260.html
hxxxp://my-dnb.blogspot.com/2010/07/you-have-received-greeting-ecard_505.html
hxxxp://angelusfecit.blogspot.com/2010/07/you-have-received-greeting-ecard_1193.html
hxxxp://angelusfecit.blogspot.com/2010/07/you-have-received-greeting-ecard_7126.html
hxxxp://angelusfecit.blogspot.com/2010/07/you-have-received-greeting-ecard_3877.html

Malware samples:
hxxxp://passmc.com/ecard.exe
hxxxp://theorionfund.org/ecard.exe VT (11/42)
hxxxp://westinghouse-ueo.net/card.exe VT (12/42)
hxxxp://laxus.com.br/ecard.exe VT (27/42)
hxxxp://onlinehom.com/ecard.exe


IP Address: 167.142.226.220

accuscript-mt.com
agri-ed.com
agricareersinc.com
alsvacuum.com
americandeco.com
arcadiaiowa.net
argeetrans.com
barnesfoodland.com
beef4you.com
bethurem.com
bistatetelesource.com
bloomfieldfoundry.com
casshealth.com
casshealth.org
cfirst.com
chalkartist.com
cityofmechanicsville.net
clonerights.com
cmtel.com
commodityservices.com
creative-treasures.net
customprecast.com
dbrooker.com
delimit.com
deltainc-usa.com
fachristian.com
farm-and-home.com
fmtcnet.com
froehlichcomm.com
fughios.net
gbmckee.com
geometricdesigninc.net
gilman-iowa.com
gogelbvieh.com
greeneiowa.com
hawkeyebb.com
helianthus-productions.com
helianthusproductions.com
hi-res-graphics.com
hickorypark-bbq.com
hometowntvappliance.com
jamesport-mo.com
kellogg-iowa.com
kwqc.net
lawtoniowa.com
leonardrealty.net
libertycommunications.com
llbk.com
lwvia.org
madridiowa.com
marneelkhorn.com
mathisoninc.com
mckennatrx.com
mewnlite.com
midwestbenefits.com
mindymyers.com
music-iowa.com
ncrlc.com
ndm-girls-softball.com
nebola.com
netins.net
netinsts.net
newleafmedia.net
newlifefamilyworship.com
northscottchamber.com
northscottsoccer.net
odebolt.net
ooo-er.net
polybytes.com
polyview.com
portals-past.com
prairielifestudio.com
prairieridge.net
prins-ins.com
proscription.net
qcqc.com
raytech-measuring.com
restorationproduct.com
rettey.com
riwma.net
rkshows.com
rock-n-row-adventures.com
rohlfsen.com
rosenboom.com
security-title.net
sellers-sellars-sollars-zellars.net
smyser-racing.com
somethingtoshare.net
southslope.com
spal-usa.com
spreadingelm.com
st-pauls-cathedral.com
statelinerally.net
stjosephjefferson.net
stratfordiowa.com
strawberrycomputing.net
suemears.com
swanengr.com
tastetogo.net
thoughtscreate.com
thundersnow.com
tigerbowl.com
timswebsite.net
tonyvaldez.com
tournamentheadquarters.net
vcbconsulting.com
vikingupdate.com
vossrealty.com
wdmpsych.com
webhosting.netins.net
whiteroofing.com
windturbinewarehouse.com
word-crafter.net
www.barnesfoodland.com
www.fachristian.com
www.libertycommunications.com
www.ndm-girls-softball.com
www.northscottchamber.com
www.prairielifestudio.com
www.restorationproduct.com
y2ks.com


IP Address: 207.58.144.202

4caliber.com
74thstreet.com
abilityunleashed.com
acellabove.com
aethertide.net
aids-india.org
aimfbs.com
al-hasan.net
aldiemansion.com
animalstalk.net
aqua-metrics.com
areyouadjusted.com
arianahall.com
artfigures.com
backdoorfence.com
bass-x.net
bawcom.net
baycitybombers.com
beangourmet.com
beepestservices.com
blbeach.com
blockstudio-online.com
bolander.net
boschphoto.com
bostonbeacon.net
californiareadinglist.com
cancerlifeline.org
capcurr.com
carbonnel.com
cavaniws.com
chelseachamberplayers.com
chubbypaw.com
cinemajidi.com
coffeefilter.com
cpslawfirm.com
ctomag.com
danceswithhooves.net
dansteinberg.com
davidpavelka.com
deloriahurst.com
desertprogramming.com
docstotalpackage.com
dorny.com
dreamstarkaraoke.net
driedplum.com
driedplum.net
driedplums.com
driedplums.net
eb2bconference.com
ekingdirect.com
elirecords.com
espringdesigns.com
figgle.com
fishonice.com
funniestfemale.com
funopolies.com
gosafenet.com
gruneisen.net
highvaluemarketing.com
hollowtrucking.com
hoylen.com
hyattfarms.net
illuminalovesyou.com
imageloftphoto.com
jakadas.com
jancis.net
johnkeiser.com
jonhowland.com
justavisual.net
k-mac-plastics.net
kathleencameron.com
kekadesign.com
killerkomedy.com
lafinlarry.net
laurakennels.com
liberalinstitute.com
linkyears.com
lionessconsulting.com
mahinder.com
mail.hollowtrucking.com
mdmmc.com
mecca2.myhostdns.com
midwestloads.net
miesen.com
mocktherock.com
moosetwit.com
naflute.com
ninesages.com
ns15.cphosting.com
ns16.cphosting.com
ns6.cphosting.com
obxco.com
parkviewkennels.com
pbforj.com
plastools.com
rbccucc.org
recurrencies.net
rhinehart.net
rubberdonut.com
secihk.com
seedtheworld.com
silvan.us
skikeka.com
slammin.com
sonomasport.com
spitflames.com
structureperfect.com
systematixinc.com
taxprofessionals4hire.com
the-roulette-lounge.com
thebeangourmet.com
thesupplytent.com
tomhilt.com
uscomputertech.net
valkyriesinc.com
vantagepointproductions.com
vitaliy.com
wedig.com
wheatonhockey.com
willowpages.com
writersatthepodium.com


IP Address: 69.73.145.159

*.lambregts.org
*.latinafuckers.com
*.mailforme.org
*.wankyourself.com
albasrahuniv.com
aledween.net
bedounwaseet.com
bnia.com.eg
egpen.com
lambregts.org
mail.bnia.com.eg
mail.concordservice.com
mail.lambregts.org
mail.mailforme.org
mail.necb-misr.com
mailforme.org
necb-misr.com
ns.albasrahuniv.com
ns.aledween.net
ns.concordservice.com
ns.egpen.com
ns.hostahm.com
ns.necb-misr.com
westinghouse-ueo.net
www.wankyourself.com


187.45.195.15

97fm.odo.br
aabbskcis.biz
abcp.org.br
advogando.net
agenciafides.com
alexandresan.com
alvoradahotel.net
amanhantes.biz
americanday.biz
amonoite.biz
andreiazemuner.com
anjoquerubin.biz
antoniojose132.com
antoniojosesenador.com
antoniojosesenador132.com
antoniojotta.com
ataidealexade.biz
atostec.com
atualizacaouol.com
axlengenharia.com
baillargen.net
belaoptica.com
benicecream.com
bernardofaria.com
beta-cto.com
bikeparadebrazil.com
brazilymen.biz
brinformatica.info
brozpeidona.com
caixafeder4l.net
caixafederal2.net
caraveladown.biz
chavesdeacesso.net
clairebijuterias.biz
clairejoiass.biz
clubedocaors.com
comercial360.com
complleto.com
contatocomunica.com
contatocomunica.net
crackeringhouse.com
dealbuquerque.biz
denisebrandao.biz
dermoclinica.med.br
downloadswebs.biz
dtonetti.com.br
dubynovak.com
ecobioambiental.com
eddyebruno.biz
elitesegurancaeletronica.com
emporiodoacucar.com
festgospel1000.com
festlabel2010.com
financasmagalaes.net
ftconstrutora.com
ggasxasx.com
gotti.com.br
grelhadytotu.biz
hhehehxas.com
hm3060.locaweb.com.br
hopesquisa.com
hopesquisademercado.com
imagemengenharia.com
importadoraamericas.com
inboxdenv.net
inicializacaojuridico.net
inicializacaopessoal.net
jeh182.com
juniorrosa.com
kaiomy.biz
kalaacaba.biz
kalbnhsk.biz
karolyngarcya.com
kitandaky.biz
klb.net
lababetterie.com
laxus.com.br
lionbrandao.biz
lkjjaose.biz
lkjjaosekl.biz
macerdan.biz
maissexo24hr.com
marradevas.biz
marvindey.biz
midiaclic.com
mixxtotal.com
morfiga.com
natucid.com.br
oliveira1254.net
optcon.net
padariamirasol.com
pedrocash.com
planetadosexo.net
portaldapropaganda.com.br
portaldoricardogama.com
proeaddireito.com
promocaomais.com
queroveloxemsantarem.net
ragreva.com
renanluna.com
rioparty.net
satolepweb.net
segredosemitos.com
segsecuritysystem.net
sgeduc.com
solariumviana.com
surpreendamaster.net
terraencantadafestas.com
teruelkerlly.net
teruelkerllys.biz
tesouratermica.com
thiagocesar.com
thjardins.com.br
titoryff.com
totalepis.com
twitvota.com
uashuashux1.com
vittorie.net
www.dermoclinica.med.br
www.pfgcaixa.com.br
www.portaldapropaganda.com.br


IP Address: 76.74.238.171

8rich888.biz
dreamlifeasia.com
kocalp.com
money4ever.biz
onlinehom.com
server1.rsyserv.com
swepan.com
wfhswe.com